I've learned a lot about cracking WEP keys and have all of my software and hardware configured to do it properly. I'm looking for a way to ping a router that I am not connected/authenticated to. I can see the AP and actually know the key since I set it up but I want to treat this like I know nothing about it.

Is there a way to get the WAN address easily? I've tried AiroPeek and OmniPeek as well as Nessus but I haven't messed with them long enough to really figure it out. I can get the MAC for the AP by using NetStumbler but can't get a host to ping to create traffic.

Hi,

If you want to know the network addresses being used on a WEP network you can decrypt some captured packets using the key. Both Kismet and Wireshark support entry of WEP keys to view the decrypted data.

You won't be able to 'ping' the router until you're on the network, i.e. have your card set up with the correct essid, channel, WEP key etc. It's the same as if you're on a wired network. You can create a ping packet without having an IP address and inject this onto the network, but you might not see the reply.

Is there a way to speed up the process of capturing packets and IVs? I used my internal card and connected to the network and sent an ICMP ping flood which really sped up the process and I got about 500,000 IVs in under 5 minutes which made cracking the key almost effortless.

I of course want to pentest this so without any clients on this AP can I speed the process up without being connected?

duffman984 wrote: Is there a way to speed up the process of capturing packets and IVs? I used my internal card and connected to the network and sent an ICMP ping flood which really sped up the process and I got about 500,000 IVs in under 5 minutes which made cracking the key almost effortless.

I of course want to pentest this so without any clients on this AP can I speed the process up without being connected?

The aircrack-ng site has all the answers you need. Pinging your router is really only good for a proof of concept and not really practical and certainly not very stealth. Aircrack has what you need to inject the proper packets.

Kev wrote: The aircrack-ng site has all the answers you need. Pinging your router is really only good for a proof of concept and not really practical and certainly not very stealth. Aircrack has what you need to inject the proper packets.

Good suggestion. I found the info you are talking about so I'll read up on it and give it a try. Thanks!

Soolari wrote: Hey guyz i saw a wireless in my schl that iz security enabled plz hw do i bypass that hlp..Any1

Simple, ask the network admin for the security keys.

Easy, huh?

Soolari, I might add for you - this site is ethicalhacker.net. Keyword, 'ethical.' While we can all remember times where we've seen access points in places, and thought, 'what if I could just crack that, for fun or whatever?' to say you've seen 'a wireless in my schl that iz security enabled plz hw do i bypass that hlp' leads me to believe you have neither asked for, nor have a true need for, permission to access it. I don't think you'll find much support or advice from us, when your intentions aren't for the right reasons.

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

if you want to know how to use a program, read everything you can find about it (on their website, their forums, and so on), then when it still doesn't work, post half your /etc and a dmesg or two. it is actually a whole lot more entertaining/engaging that way. and posting that you have imaginings of penetrating networks unauthorized online, not such a good idea.

besides, what's the point in cracking a password if you can just ask for it? err...

letting your school's administrator know if the network is unnecessarily at risk could be good, if you're intending to learn the tools/skills to offer that service. but if you're not willing to do some research (and learn linux), good luck with aircrack...